Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Bypassing the Android Permission Model

Georgia Weidman, the Founder and CEO of Bulb Security, takes the floor at HITBSecConf2012 Amsterdam to present her research on security details and flaws of the Android permission model. Cheers everyone to my European debut! There will be no 0-days in this talk, except one – the 0-day that I came up with...

Drinking From the Caffeine Firehose 4: Pen Tests As a Source of Trending Data

Dan Tentler gives further examples of how exposed digital systems are to virtually unimpeded access, and provides a summary of his Defcon talk. Ok, how about listening on telnet? These are intersections, like, stoplights, you can telnet into them and put them in test mode, and the warning says:...

Drinking From the Caffeine Firehose 3: Vulnerable Infrastructure Systems

Dan Tentler, aka Viss, provides a walkthrough of more systems that are exposed to external intrusion, including massive cooling, power and i.LON controls. So, next – massive cooling equipment. This is a warehouse I found somewhere in Central America that had 14 gigantic evaporative coolers connected to it...

Drinking From the Caffeine Firehose 2: Accessing Private and Industrial Systems

This part covers Dan Tentler’s proof of concept of how vulnerable home automation and industrial systems are to third-party access. Private residences – really rich people tend to use these things, because it’s kind of a home automation thing, it’s kind of cool to heat...

Drinking From the Caffeine Firehose We Know as Shodan

Freelance pentest guy Dan Tentler, aka Viss, delivers a talk at Defcon 20 about different digital control and supervision systems that can be accessed online. Welcome to “Drinking from the Caffeine Firehose We Know as Shodan”! Anybody recognizing that scene? (Image 1) Did everybody watch old...

Steal Everything, Kill Everyone, Cause Total Financial Ruin 6: Enforcing Security Awareness

This is the final part of Jayson E. Street’s Defcon talk where he explains how easy it may be to harvest company data and provides a summary of the presentation. People are so busy protecting their stuff from these very high-level attacks that they are forgetting SQLI (oops, sorry Sony). Sometimes it’s a...

Steal Everything, Kill Everyone, Cause Total Financial Ruin 5: Methods of Espionage

In this part, you will learn about the typical mistakes that even financial institutions and law enforcement agencies make in terms of counterespionage. Okay, so let’s talk about financial ruin, let’s talk about espionage. I hate to hurt some people’s feelings and say: “It’s not just the...

Steal Everything, Kill Everyone, Cause Total Financial Ruin 4: Workplace Violence Countermeasures

Physical damage resulting from poor intrusion detection systems at facilities is the subject Jayson E. Street focuses on here, providing his real-world examples. Well, here’s the real warm and fuzzy side. We’re actually talking about how, you know, to kill everyone, because that always brings up a crowd...

Steal Everything, Kill Everyone, Cause Total Financial Ruin 3: Countermeasures of Theft

Jayson E. Street now illustrates some of his security assessments with photos and descriptions of how easily corporate and employees’ property can be stolen. I love this one. This is what I call the trifecta bad, because, yes, I stole the phone or cloned it; yes, I’ve got the laptop – 30 laptops...

Steal Everything, Kill Everyone, Cause Total Financial Ruin 2: I’m Getting In

Jayson E. Street’s subject in this part is the different tricks to apply during penetration engagements, and the rules he sticks to in his work. Now I’m not talking about social engineering part so much, as this is all the damage I’m going to do after your security guy lets me through the front door....